The FlightChops teams reaches 100K Subs!

So many of you know I am good friends with Steve Thorne from www.flightchops.com and also his amazing YouTube channel located HERE

I want to take this moment to congratulate Steve and his team for reaching 100K subs, as of this writing he is actually at 107K.   This has been an amazing story about someone who was passionate about a topic, took that online in their own way.   People attacked Steve alot in the beginning, and even now for posting mistakes, troubles and pitfalls of learning to fly but the truth is – that is what made his channel popular.

Sponsors have taken note, and big names too like Bose and ForeFlight have put some support behind Steve.  Even with the big name support he still receives a significant contribution from Patreon (including me) and he never forgets those who got him here, by running many contests for everything from Bose Aviation headsets to a San Juan Islands Adventure trip!

Content is king – bottom line – and Steve and his team of editors and videographers have amassed a ton of content and gone from twice monthly to sometimes 4 times per month publishing this amazing content.      Steve continues to do this his way, and sponsors do not impose on content.   His “day job” of video and media production has brought a significant professional flair and production quality to his episodes and that production quality has been steadily increasing.

Will this ever reach “Mainstream” television?  You mean YouTube isn’t mainstream?   I would appear to me that the likes of “Outdoor Network” are only interested in fake shows auctioning off storage units sadly.

So if you are a private pilot, or just an airplane nerd like me – go and check out his humble little channel and I promise you will learn something along the way, as Steve says “Keep your Flight Chops Sharp!”

Congrats again Steve on your channels success!

Advertisements

Denise “Fish” Fishburne Designing new security focused “Network Detective Series”

If you have read my blog, you know I am a huge fan of Denise “Fish” Fishburne’s sessions, not only because Fish is an amazing dynamic speaker but these are not your typical sessions.

The Network Detective Series has been well reviewed, both here on my blog, and on other blogs.  If you are new to networking, and even old to networking this series will make you a better troubleshooter. Check it out HERE.

Screen Shot 2017-06-29 at 8.35.20 AM.png

During the event it was well known that “The Network Detective” series was ending this year as Denise transitioned to a security focus. In a series of tweets during Cisco Live, Denise announced that “Techniques of a Network Detective” will continue next year.

 

Screen Shot 2017-06-29 at 8.50.52 AM

networkdetective-229x229

In an adhoc interview after the Cisco Live Customer Appreciation Event we learned that not only will Network Detective continue with fresh content for Cisco Live! in 2018, but after that the old content will hit the floor and a new Security Content / Focused version of “Network Detective” will launch for 2019.

You know I will be there, front row to hear all the new “Techniques of a Network Security Detective” and will report back here.

NSX – The Network Redefined

Looking Forward

The network has been a long haul.   Wow, what a long way we have come from a long time ago, to hubs, to switching and now to networks being virtualized, on hardware, on software and sometimes even on the occasional Raspberry Pi device.

There are so many terms out there, and nobody agrees on what the definition of “SD” anything is.   If we go by Wikipedia, they claim ”

Software-defined networking (SDN) is an approach to computer networking that allows network administrators to programmatically initialize, control, change, and manage network behavior dynamically via open interfaces[1] and abstraction of lower-level functionality.”

That is a little general, isn’t it?   I mean how does that concept help a business actually deliver on value?  How do I get from “SDN” to business value, without spending millions of dollars and hiring people to internally write “stuff”.

Everyone tried to create something, and as things normally go, everyone said “let’s use this open protocol” – not realizing that the open protocol did about 60% of what we needed in the real world, didn’t have an interface because it is a protocol and we need a gaggle of PHD’s to deploy it.

If you are a developer you are probably reading this thinking – “It is not that hard” – but for some of us, especially traditional network types or managers, it really is that hard, and what about the <1000 user crowd.

VMWare does for the network what it did for servers

This is that kind of thing, VMWare is changing the game, again.

2017-06-12 14_06_20-NFD15-VMware NSX-vFINAL.pdf

I have to admit, I was not a believer.  I was truly the person that sat here and thought “If I want to virtualize my network I want to do it in silicon”.   CPU power has reached a point where that argument does not hold water anymore, and we can engineer our way around that anyway, it is a moot point.

Virtualizing Network Hardware Is Different

Here is the problem with something like a pure Cisco ACI, or virtualized in the hardware.   The entire point of network virtualization is that the network shouldn’t matter.   If I want to create a truly elastic infrastructure, then my environment must not care what the transport is underneath.

I am not suggesting the wild west, on the contrary, you still need to monitor, manage and engineer the underlying network to attain the performance you want, but if my intention is to create a Hybrid strategy into cloud services like Azure, AWS, TATA or Long View ODI, I shouldn’t much care.   I want to put the workload where I want, when I want, with the security definitions I need, and I don’t want to use 27 different tools to achieve that.

Applications Are The Focus

Everyone is talking this way, Cisco is talking ACI – Application Centric Infrastructure and VMWare is talking NSX, but the concepts are the same.   You need the security of your apps and data but you need to deal with changes in threats and user behavior.   You need analytics and security.

2017-06-12 14_02_49-NFD15-VMware NSX-vFINAL.pdf

The APP itself needs to be decoupled from the underlying infrastructure to make things elastic, but to attain the true elasticity, you need an automation platform that does a few things

  1. Delivers on IT and business process
  2. Automates to remove mistakes
  3. Does not require significant programming knowledge

2017-06-12 14_07_06-NFD15-VMware NSX-vFINAL.pdf

Ideally you need to have all of this in a single pane of glass to make it easy to manage, otherwise, cross management integrations are going to cause you a ton of headaches.  When people say “service chaining” I start to get a migraine.  Not to say you cannot to that, you can, and they integrate with a huge ecosystem of partners, but I should not have to pick a management platform and then everything else is a partner product.

You can go wild if you want

2017-06-12 14_10_47-NFD15-VMware NSX-vFINAL.pdf

I keep complaining about going “fully open protocol” – but the good ews is, if you want you can go full open protocols, full automation and full custom with NSX if that is what you want.  They have the automation tools to get you there.  So if you are the developer type, and I am not, feel free to go and get your python on and chef yourself some puppet stacks – I will be over here wishing I honestly understood all that stuff.

Give me the veggies

Here is the story on what you need to know, we will break it down into a few bite sized chunks.

Architecture

2017-06-12 14_12_56-NFD15-VMware NSX-vFINAL.pdf

vCenter is still here

So the big things you need to knows.  vCenter is still very much a part of how you live, and NSX Manager plugs into vCentre to give you all the management you know and love.  The good news is, they are not reinventing the world here, so if you are already a VCP or VMWare savvy person you should feel right at home.

NSX Controller

The NSX Controller manages the world of NSX, but is configured by the NSX manager plane.  All of your logical networks, and control is done here.  This isn’t in the data path, it is basically orchestrating the config download to all of the componants.  The distributed logical router (fancy name for a virtual router) and the switching endpoints.  You don’t really deal with this day to day

Data Plane

This is your hypervisor, and you don’t really change anything here – your connectivity is in place, and the hypervisor knows from the controller which domain each VM is in, and if it needs to be transported between sites and to whom it can talk to.   This is where your logical switch, distributed logical router and firewall processes actually live.

Multi-Site Capabilities

This is where I think NSX really shines, not just in the ability to segment, but to take that segmentation and make it elastic across locations.  Pick up and move a VM across data centers, and IP addresses do not change, and security constructs remain intact.   Doing maintenance in a DC and need a full shut down?  No problem, move your workloads and shut it down.   Distribute your apps using the built-in load balancer across the network.

2017-06-12 14_08_57-NFD15-VMware NSX-vFINAL.pdf

The key here is that this works brownfield, no need to lift and shift all of your apps into a new network design to make it work, and no application has to change IP addresses to get this DR functionality.   Extend across geographical boundaries, keep your security posture in check.

When moving workloads there is no need to lose your security policies because you are moving workloads around, and you do not pay for NSX DR licenses for active standby, only for active active.

2017-06-12 14_51_22-NFD15-VMware NSX-vFINAL.pdf - Adobe Reader

The multi-site capabilities alone are a reason to deploy NSX – and many customers do, even if they are not micro-segmenting their network today, the mobility options alone are worth the price of admission.

 

Micro-Segmentation

What an industry word, but the bottom line is, we need to segment services from services at the service level – not at the subnet level.

This is a stateful firewall, with full chaining out to IPS/IDS possible, 5 tuple configured.

This is not just ACL, it is a full ALG, so it will take data and control / ephemeral ports and groups them so you do not end up with a giant mess in your rules as well.

2017-06-12 14_33_58-NFD15-VMware NSX-vFINAL.pdf

A bit of an eye chart, but the idea is that each VM can not be its own perimeter, and policies are created once and then grouped so mistakes against policies are reduced.  Threats have a hard time spreading when things are locked down like this.

2017-06-12 14_46_53-VMWare Distributed Firewall - Google Search

The firewall manager is very intuitive, basic rules to set everything up, but the challenge is how to setup the rules right?

Policy Creation Costs Reduced with ARM

The cost of deploying new policies is significant in many organizations – some spent 10-50x the cost of their firewalls just to come up with the policies to segment subnets, only to end up with giant holes in their firewall rule set.

This is what makes NSX something you can actually deploy, you really need a tool like this in order to put something like NSX in production.  Nobody understands application data flows (ok some people do) but there are always mistakes made when segementing your network.

The good news here is something called ARM – Application Rule Manager

2017-06-12 14_37_23-NFD15-VMware NSX-vFINAL.pdf

Everyone has done this, you set up your rules, set your allow all, watch your syslog for events, then go to deny, monitor your deny logs, anger a few users as things break, fix your firewall logs.   There has to be a better way, and there is with ARM.

You can monitor application flows in real time, and then create rule sets from those monitored data flows.   ARM has been segregated from normal flow monitoring, so there is no impact to production traffic, and they do limit the number of VM’s you can run ARM on at the same time.   You are not supposed to run this all the time.

2017-06-12 14_44_50-arm_ms_pic3.png (1639×997)

Remember this is an ALG, so it understands ephemeral ports, and protocols like FTP so if you allow FTP, then FTP will work.  Windows RPC is just Windows RPC.    All the rules can be cached and setup, without implementation and then you can get your security person to review all of them, approve and then move forward.

Once things are setup, now you can monitor the actual flows, and show packets and bytes so you can see your rules up and working.

2017-06-12 14_46_40-VMWare Distributed Firewall - Google Search

 

Automate with vRealize

The automation within vRealize has been around for some time, but now with the ability to deploy automated NSX rules and pre-defined architectures will provide large organizations with the power to deploy new applications, or even container applications very quickly.   The good news is, the interface here is very easy to understand and with a “canvas” style approach you can build out your applications and services in a graphical manner and see relationships with attached policies.

I could honestly go on for while about just automation, but here is a taste of the interface, expect more in another article.

2017-06-12 14_58_02-nsx vrealize automation - Google Search

 

Disclaimer for this article

This article was written a few months after I attended Networking Field Day 15, as in my previous disclaimer we normally receive things like bags and hats and some of my expenses are covered by the event.    However, after this presentation I was offered some free training vouchers from VMWare for NSX training and certification – they were offered months before I even wrote this article, and I have not consumed them as of this writing but I plan to.   I am disclosing this because of the sheer value of those vouchers exceeds the normal “here’s a free hat” offer.    I would like to thank VMware for their generosity, and I plan to use them to further my personal education on NSX.

SAY MY NAME – Cisco Live 2017

Sources are telling me that Bryan Cranston will be the guest celebrity keynote at Cisco Live 2017 – #CLUS

Bryan_Cranston_a_l_0

Bryan Cranston won the Primetime Emmy Award for Outstanding Lead Actor four times, three in a row.  Once he was a producer he also won Outstanding Drama Series.   Growing up in California, acting was natural to Bryan.  During his early career he did it the hard way, commercials, and small productions until landing larger roles in Saving Private Ryan, Seinfeld, King of Queens and then of course Malcolm in the Middle and Breaking Bad.   Now a six episode half-hour series called “The Dangerous Book for Boys” a new comedy series from Bryan Cranston has been picked up by Amazon.

Last year we were thrilled to listen to Kevin Spacey talk about how technology had revolutionized the TV and Movie industry with Netflix now becoming a content creator, how he traveled through space and time creating an amazing career.   Now with 3D immersion the game will change again, and if I had to guess Kevin Spacey will be at the forefront.

This year, Bryan Cranston will take to the stage and talk about….  We have no idea, but I know this, it is sure to be an amazing talk.   I personally hope to hear about his life, and career along with his thoughts about disruptive technology in the business.

 

 

Ford Finally Delivers CarPlay to 2016 Customers – almost a year late

It has finally been posted to owner.ford.com

After almost a one year delay (It was promised Summer 2016 to customers) Ford has finally provided the Sync 2.2 update on their website and officially offered it to customers.

Keep in mind 2017 owners, with the same devices all had 2.2 from the factory in some areas in July of 2016,  and many other owners who were willing to install software from the internet, had it as early as December.  So why the 6-8 month lag for people who were promised this the day they purchased their vehicles they will never know.

Many customers have said this is their last Ford,  many people have even sold their Ford vehicles over this – yes that sounds crazy.

Justin’s opinion…

What bothers me the most, is that Ford has been touting themselves as a technology company, being the first car manufacturer to ever present at CES, to the first with major technology like Sync.     If your intention is to be the “Apple” of the car industry, it seems to me that it started out well, but they are ending up with promises with limited delivery.   Perhaps they are finding out what being a technology company is all about, it isn’t as easy as they thought.

Sync 2 running on Windows was an absolute and abysmal failure with tons of performance related problem, app issues and integration problems for third parties.   Giving up on Windows and going to QNX fixed the performance problems, but now on a more realtime embedded type operating system, Ford is struggling to keep up with feature releases like this.

Either Ford figures out how to take their place back a the top of the technological automaker spot in the industry – or someone will surpass them, and it might very well be the likes of Apple, Google or even Tesla.

 

now22

 

Ford still not delivering CarPlay to 2016 vehicles

It is funny when you write a blog post – and it becomes strangely popular.   This is a tech blog, but I toss in some occasional rants, or rally type stuff about thing going on around me.

I’m going to help you FIX this if you own at least a Ford F-Series….

To give you an idea of what I am talking about, and why it confuses me so…  In 2017 here are the top posts on my site.  As of 4/22/2017 when I wrote this.

Ford Promises CarPlay – Fails to Deliver – 4967 unique views

Cisco Spark Board – Innovation In Collaboration – 2108 Views

stats

I’m horrible at web sites, and at SEO, but I guess sometimes the SEO bit starts to work properly, because my Ford Promises CarPlay blog is by far the most popular thing around here.    With that in mind, everyone is finding their way here because of the issue, so let me try and help out.

First – go to your dealer and try and get the upgrade, that is the legal, non warranty voiding method, if you do not want to wait anymore – proceed with the understanding this is at your own risk.

There are 2 scenarios you are in

 

You own a 2016 Ford with Sync 3 Version 2 – but CarPlay does not work

The good news is, this is very easy to fix.   The issue was that when these vheicles shipped, Ford was not shipping a “CarPlay” compatible USB Hub, the Sync unit has 1 USB output which goes down to a hub in the dash that you plug into.

Once you update to the correct USB Hub – CarPlay will just work for you.  So what do you need to do?

Goto Ford, and get the correct hub, I don’t know the part number for every car, if you look online the various car forums can probably help you – OR – you can simply go and ask for a replacement USB hub for a 2017 model of your car.

For the 2016 Ford F-150 here is the model number you need.    The parts guy might give you a hard time, tell him it’s for a 2017 Ford F-150 Lariat, tell him you don’t have a VIN, and that’s the part number, if he says “IF this is the wrong part it is your fault” — just say “Yep i’m fine with it”  it shouldn’t cost you more than $100

GJ7Z-19A387-B (WHITE BACKLIGHTING)
HC3Z-19A387-B (BLUE BACKLIGHTING)

Here is a video showing how to do it…  Thanks to that user for posting.

 

You own a 2016 Ford with Sync 3 – and your version is not 2.0 or higher

This is where things get a little more complicated.     First you need to do the step above for those who have 2.0 or higher, so stop now, and go order that part, when you are done, come back.

Ford seems to not want to send out the upgrade from 1.0 to 2.0 – that is the problem here – yes the issue is some kind of software issue, which we don’t know why because the rest of us who are willing to play with our vehicles, have been running CarPlay for — 4 months at this point.

Now that you have the new hub, you need to search online for the specific Sync 3 2.0 upgrade package, you put it on a USB key, and plug it in, and the upgrade procedure starts.    I am not providing links to that software, that would probably break all kinds of laws – if you are willing to take the chance, I am sure you can find it.   WARNING:  It is very easy to use the WRONG upgrade file, ensure you are using the correct file, for NAV vs NON-NAV models (no you can’t upgrade to free NAV) .

Here is a video of someone doing it on a Ford Focus RS